[LARTC] new perflow rate control queue
Hi,

One of my customers needs per flow rate control, so I wrote one.

The code I post here is not finished, but it seems to work as expected.

The kernel patch is against kernel 2.6.11, the iproute2 patch is against iproute2-2.6.11-050314.

I wrote the code in a hurry to meet a deadline. There are many other things to do ahead for me. The code was written in 2 days (including reading other queues' code) and tested for a while to find obvious mistakes. Don't be surprised when you find many, many bugs.

The test scenario is like this

www server - [ eth0 eth1 ] - www clients

The attached t.sh is used to generate test rules. Clients download a big ISO file from the www server, so flows' rate can be estimated by viewing progress. However I use wget to test the speed, so the speed is accumulated, not current.

The problems I know:

1. The rtnetlink related code is a quick hack. I am not familiar with rtnetlink, so I looked at other queues' code and used the simplest one.
2. perflow queue has no stats code. It will be added later.
3. I don't know what the dump() method's purpose is, so I didn't write a dump() method. I will add it later when I know what it is for and how to write rtnetlink code.

Any feedback is welcome. And test it if you can :)

PS: the code is licensed under GPL. If it is acceptable by upstream, it will be submitted.

-- lark

Attachments:
iproute2-2.6.11-050314-perflow.diff (Description: Binary data)
linux-2.6.11-perflow.diff (Description: Binary data)
t.sh (Description: Bourne shell script)

___
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
Re: [LARTC] new perflow rate control queue
Wang Jian wrote:

> Hi,
>
> One of my customers needs per flow rate control, so I wrote one.
>
> The code I post here is not finished, but it seems to work as expected.
>
> The kernel patch is against kernel 2.6.11, the iproute2 patch is against iproute2-2.6.11-050314.
>
> I wrote the code in a hurry to meet a deadline. There are many other things to do ahead for me. The code was written in 2 days (including reading other queues' code) and tested for a while to find obvious mistakes. Don't be surprised when you find many, many bugs.

It looks quite clean, but couldn't the same be achieved with just providing per-flow fairness and leaving the rate-limiting to an upper qdisc like HTB or HFSC?

Regards
Patrick
Re: [LARTC] new perflow rate control queue
Hi Patrick McHardy,

HTB + SFQ can only achieve part of the functionality.

Per flow rate control means per flow bandwidth assurance + bandwidth constraint. When we use HTB + SFQ,

1. We can't achieve bandwidth assurance when flow count is higher than expected; this often means we fail to meet the quality requirement.
2. We can't enforce bandwidth constraint when flow count is very low; this often means waste of bandwidth.

On Mon, 04 Apr 2005 10:51:15 +0200, Patrick McHardy [EMAIL PROTECTED] wrote:

> Wang Jian wrote:
>
>> Hi,
>>
>> One of my customers needs per flow rate control, so I wrote one.
>>
>> The code I post here is not finished, but it seems to work as expected.
>>
>> The kernel patch is against kernel 2.6.11, the iproute2 patch is against iproute2-2.6.11-050314.
>>
>> I wrote the code in a hurry to meet a deadline. There are many other things to do ahead for me. The code was written in 2 days (including reading other queues' code) and tested for a while to find obvious mistakes. Don't be surprised when you find many, many bugs.
>
> It looks quite clean, but couldn't the same be achieved with just providing per-flow fairness and leaving the rate-limiting to an upper qdisc like HTB or HFSC?
>
> Regards
> Patrick

-- lark
[LARTC] Limiting bandwidth on one port
Hi Everyone

I'm new to tc. I'm trying to speed limit access to SSH/SFTP on my external interface (eth0) without affecting any other traffic on any of the other interfaces.

I've attached a script with my tc commands in. Can someone point me in the right direction?

Thank you for your help in advance.

Tim

--
If you wish to be happy for one hour, get drunk.
If you wish to be happy for three days, get married.
If you wish to be happy for a month, kill your pig and eat it.
If you wish to be happy forever, learn to fish.
-- Chinese Proverb

#!/bin/sh

### Basics
DEV=eth0
IP=192.168.1.4
LINERATE=2mbit
LOWRATE=8kbps
TC=/sbin/tc

### Rules - throttle SSH on ext_int
$TC qdisc del dev $DEV root
$TC qdisc add dev $DEV root handle 1: cbq avpkt 1000 bandwidth $LINERATE
$TC qdisc add dev $DEV parent 1: classid 1:1 cbq rate $LOWRATE allow 1500 prio 5 bounded isolated
$TC filter add dev $DEV parent 1: protocol ip prio 16 u32 match ip sport 22 0xffff flowid 1:1
[LARTC] Help please with tc and iptables mark
Hello list members,

Finally I'm here after a week of trying to subscribe to this list... pfew...

Anyway... I have a rather strange problem with tc. I am trying to police the ingress traffic into my network using the iptables MARK feature (in mangle table, PREROUTING) but it seems that tc filters ignore these marks and they don't work at all for me. Let me explain a bit more in detail:

I have a server behind my linux-firewall box (firewall is with 2.6.10 kernel custom build, iproute2-2.6.11, iptables-1.3.1, gcc-3.4.3), for which server I want to limit the incoming traffic to certain limits (I chose for test 100kbit rate, 100kbit burst, mtu 1500). The server IP address behind the firewall is 192.168.1.218 attached to eth0 interface. Interface eth1 on the firewall faces the incoming traffic from the outside world:

            eth0       eth1
Server|--|linux|--|outside
   192.168.1.0/24   192.168.2.0/24
   .218    .99       .100

Now, I've created an iptables rule like this:

iptables -t mangle -I PREROUTING -i eth1 -p tcp -d 192.168.1.218 --dport 22 -j MARK --set-mark 1

After this, I added the ingress qdisc and then the filter with tc:

tc qdisc add dev eth1 handle ffff: ingress
tc filter add dev eth1 parent ffff: \
    protocol ip prio 50 handle 1 fw \
    police rate 100kbit burst 100kbit mtu 1500 drop \
    flowid :1

I was trying to simulate from outside some traffic towards the server using sftp transfer (I try to limit port 22 access). The total available bandwidth without filters is around 1Mbit/sec. The file to transfer is quite large (11 MBytes).

The results from tc -d -s filter show dev eth1 parent ffff: are showing that no packet was dropped (the output is below)

filter protocol ip pref 50 fw
filter protocol ip pref 50 fw handle 0x1 classid :1 police 0x6 rate 10bit burst 12799b mtu 1500b action drop
ref 1 bind 1
Sent 0 bytes 0 pkts (dropped 0, overlimits 0)

qdisc pfifo_fast 0: bands 3 priomap 1 2 2 2 1 2 0 0 1 1 1 1 1 1 1 1
 Sent 6823868 bytes 112558 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0
qdisc ingress ffff:
 Sent 4451034 bytes 9297 pkt (dropped 0, overlimits 0 requeues 0)
 rate 0bit 0pps backlog 0b 0p requeues 0

although the packets are marked by iptables (the packet and traffic counters are incremented for that specific MARK rule).

What puzzled me is that using u32 classifiers with tc (match by IP, port, protocol) for the same kind of traffic everything works just perfect, the available incoming bandwidth to the server is limited to what I want it to be and I can see that the filter is dropping the packets.

Obviously the logical thing is to use the u32 classifiers instead of iptables marks, but I want to keep the classification to be done by iptables as I also do there some decisions for which traffic is allowed (it is more that I have customised a start-up script for iptables to match my needs using different switches and predefined variables for ports and IP addresses). I also have another reason not to use u32 classifiers: I cannot get the logic behind the pattern/mask for selecting a certain port range for tcp/udp traffic (I've tried to match my traffic using u32 pattern/mask rules for a port-range after reading some documentation and I still can't make it work, I'm doing something wrong for sure - this is just me, so ignore it, I'll get it right after more reading).

Any chance I could get some help for my problem (iptables marking the packets and tc filtering by these marks)?

BTW, I have tried older versions of iproute2 with different versions of iptables and kernel 2.6.x and 2.4.x as well, but still no luck. Also I have followed the thread at: http://mailman.ds9a.nl/pipermail/lartc/2005q1/014673.html posted by Catalin, which looks great but still no match by fwmark.

Should I suspect an iptables wrong behavior? Or it's just my stupid brain that tricks me again?

Any help is much appreciated.

Kind regards,
Adrian
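Added example, not part of Adrian's post or of any reply in this thread: the u32 pattern/mask logic for a port range that the message above asks about, shown by splitting a range into aligned value/mask blocks and printing one policing filter per block. The police parameters and `flowid :1` are taken from the post; the range 6000-6063 and the helper names are constructed for illustration, and `ffff:` is the conventional ingress qdisc handle.

```shell
#!/bin/sh
# Added example, not code from the thread.
# A u32 port match is "(port & MASK) == VALUE", so one match covers a
# power-of-two sized block of ports that starts on a multiple of its size.
# An arbitrary range is the union of a few such blocks.

# port_range_masks LO HI
# Prints one "VALUE 0xMASK" pair per line, covering exactly LO..HI inclusive.
port_range_masks() {
    prm_lo=$1
    prm_hi=$2
    if [ "$prm_lo" -lt 0 ] || [ "$prm_hi" -gt 65535 ] || [ "$prm_lo" -gt "$prm_hi" ]; then
        echo "port_range_masks: need 0 <= LO <= HI <= 65535" >&2
        return 1
    fi
    while [ "$prm_lo" -le "$prm_hi" ]; do
        prm_size=1
        # Double the block while it stays aligned at prm_lo and inside the range.
        while [ $(( prm_lo % (prm_size * 2) )) -eq 0 ] &&
              [ $(( prm_lo + prm_size * 2 - 1 )) -le "$prm_hi" ]; do
            prm_size=$(( prm_size * 2 ))
        done
        # The mask keeps only the bits that are constant across the block.
        printf '%d 0x%04x\n' "$prm_lo" $(( 0xffff & ~(prm_size - 1) ))
        prm_lo=$(( prm_lo + prm_size ))
    done
}

# emit_tc_filters DEV PARENT FLOWID LO HI
# Prints (does not run) one ingress policing filter per block, so the
# commands can be reviewed before they are applied.
# Note: "match ip dport" reads a fixed offset and so assumes a 20-byte IP
# header (no IP options); "match ip protocol 6 0xff" restricts it to TCP.
emit_tc_filters() {
    etf_pairs=$(port_range_masks "$4" "$5") || return 1
    echo "$etf_pairs" | while read -r etf_value etf_mask; do
        echo "tc filter add dev $1 parent $2 protocol ip prio 50 u32" \
             "match ip protocol 6 0xff match ip dport $etf_value $etf_mask" \
             "police rate 100kbit burst 100kbit mtu 1500 drop flowid $3"
    done
}

# Constructed sample: TCP ports 6000-6063 arriving on eth1.
emit_tc_filters eth1 ffff: :1 6000 6063
```

A range that starts and ends on power-of-two boundaries (for example 1024-2047) collapses to a single filter; a badly aligned one needs more, so choosing aligned ranges keeps the filter list short.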
Re: [LARTC] tc + zebra/quagga
On Sunday 27 March 2005 14:50, you wrote:

> Lorin wrote:
>
>> I have some problem with traffic shaping on debian testing. I actually posted a full config on the list a while ago but didn't get any answers. The problem is that traffic doesn't get into the user classes (~150) when I associate a class with a qdisc. I tried sfq, fifo but none works. If I don't associate a qdisc with a class classification occurs well. I'm pretty sure the config is ok. Just was wondering if someone has already stepped into this one. This box runs zebra and bgpd as it is a bgp border router. I found this post on google which is quite similar to my case: http://mailman.isi.edu/pipermail/6bone/2002-May/005420.html. Thank you.
>
> This is strange - can you recreate it with a small test script that doesn't use htbinit way of naming/numbering.
>
> Andy.

It would be quite some work to set up a configuration, there are a lot of hosts that need to be limited. Here is what I have:

#---class root - RATE/CEIL=100Mbit
/sbin/tc class add dev eth0 parent 1: classid 1:0010 htb rate 100Mbit
/sbin/tc qdisc add dev eth0 root handle 1 htb default 3000

#---class bgp - RATE/CEIL=128Kbit
/sbin/tc class add dev eth0 parent 1:0010 classid 1:0050 htb rate 128Kbit ceil 128Kbit prio 0
/sbin/tc qdisc add dev eth0 parent 1:0050 handle 0050 sfq perturb 10
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip dst bgp peer/32 classid 1:0050
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src bgp peer/32 classid 1:0050
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport 179 0xffff classid 1:0050
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip dport 179 0xffff classid 1:0050

#---class management - RATE/CEIL=64Kbit (ssh,icmp)
/sbin/tc class add dev eth0 parent 1:0010 classid 1:0500 htb rate 64Kbit ceil 64Kbit prio 1
/sbin/tc qdisc add dev eth0 parent 1:0500 handle 0500 sfq perturb 10
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip dport 22 0xffff classid 1:0500
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport 22 0xffff classid 1:0500
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src 83.103.150.50 classid 1:0500
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip dst 83.103.150.50 classid 1:0500
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip sport 0 0xffff classid 1:0500
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip dport 0 0xffff classid 1:0500

#---class premium - RATE/CEIL=sum of RATE child classes (the broadband way [tm])
/sbin/tc class add dev eth0 parent 1:0010 classid 1:1000 htb rate 352Kbit ceil 352Kbit prio 2
/sbin/tc qdisc add dev eth0 parent 1:1000 handle 1000 sfq perturb 10
/sbin/tc class add dev eth0 parent 1:1000 classid 1:1001 htb rate 32Kbit ceil 64Kbit prio 2
/sbin/tc qdisc add dev eth0 parent 1:1001 handle 1001 sfq perturb 10
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src client1 ip/32 classid 1:1001
/sbin/tc class add dev eth0 parent 1:1000 classid 1:1002 htb rate 32Kbit ceil 64Kbit prio 2
/sbin/tc qdisc add dev eth0 parent 1:1002 handle 1002 sfq perturb 10
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src client2 ip/32 classid 1:1002
/sbin/tc class add dev eth0 parent 1:1000 classid 1:1003 htb rate 32Kbit ceil 64Kbit prio 2
/sbin/tc qdisc add dev eth0 parent 1:1003 handle 1003 sfq perturb 10
/sbin/tc filter add dev eth0 parent 1:0 protocol ip prio 100 u32 match ip src client3 ip classid 1:1003

#---class best-effort RATE/CEIL=sum of RATE child classes individual limits just like in premium class

#---class default RATE/CEIL=2Kbit
/sbin/tc class add dev eth0 parent 1:3000 classid 1:3000 htb rate 2Kbit prio 7
/sbin/tc qdisc add dev eth0 parent 1:3000 handle 3000 sfq perturb 10

If I set the leaf qdisc to 'none' traffic gets classified well; if I use a qdisc in a child class all traffic goes to default.

After a few tests I managed to isolate the problem (kind of) - if I use just one class, best-effort for example, and put all filters/qdisc in this one everything works fine. But I really need to separate big clients (premium) from small ones (best-effort) and to shape management/bgp traffic separately from those 2. At the moment the only separation is made by prio value: bgp 0, management 1, premium 2, best-effort 3 and default 7.

Thanks for the help!

p.s. I'm working on a Romanian translation for LARTC. I have about 1/4 of it till now. If there are any Romanians on this list willing to help it would be a very nice thing to do for the community. Also translating this great howto is a study in itself so you can also get some solid knowledge besides the Glory :)

--
+ Lorin
+ I tought I taw a putty cat...I did! I did taw a putty cat!
+ http://si-bemol.ro
Re: [LARTC] new perflow rate control queue
Wang Jian wrote:

> Hi,
>
> One of my customers needs per flow rate control, so I wrote one.
>
> The code I post here is not finished, but it seems to work as expected.
>
> The kernel patch is against kernel 2.6.11, the iproute2 patch is against iproute2-2.6.11-050314.
>
> I wrote the code in a hurry to meet a deadline. There are many other things to do ahead for me. The code was written in 2 days (including reading other queues' code) and tested for a while to find obvious mistakes. Don't be surprised when you find many, many bugs.

Wow - I wish I could write that in 2 days :-)

> The test scenario is like this
>
> www server - [ eth0 eth1 ] - www clients
>
> The attached t.sh is used to generate test rules. Clients download a big ISO file from the www server, so flows' rate can be estimated by viewing progress. However I use wget to test the speed, so the speed is accumulated, not current.

What if the client uses a download accelerator and has 12 connections (I suppose server could limit this - but if client is behind nat you may hurt others - which is what sfq does now AIUI, because it doesn't hash on dst port.)

> The problems I know:
>
> 1. The rtnetlink related code is a quick hack. I am not familiar with rtnetlink, so I looked at other queues' code and used the simplest one.
> 2. perflow queue has no stats code. It will be added later.
> 3. I don't know what the dump() method's purpose is, so I didn't write a dump() method. I will add it later when I know what it is for and how to write rtnetlink code.
>
> Any feedback is welcome. And test it if you can :)
>
> PS: the code is licensed under GPL. If it is acceptable by upstream, it will be submitted.

Having per flow without the drawbacks of sfq is really cool, but I agree with Patrick about letting htb/hfsc limit.

You say in the code -

"You should use HTB or other classful qdisc to enclose this qdisc"

So if you do that (unless you meant should not) then you can't guarantee per flow rate anyway without knowing the number of flows, unless you can set rate so high that max flows x flow rate < htb rate.

I think you can still limit per flow ceil if you use htb/hfsc to ratelimit.

I suppose you are solving a different problem with this than I normally shape for, i.e. you have loads of bandwidth and I have hardly any.

It still could be something really useful for me though, as I suspect it wouldn't be too hard to add lots of features/switches which (e)sfq doesn't have, like -

Per flow queue length limit - and more choice than just tail drop (I am thinking of me shaping from wrong end of link here - server with BIC tcp is horrible with tail drop - others are not as bad).

For people who use esfq for hundreds of users, you could still do fairness of tcp flows within fairness per user address.

Requeue properly, which (e)sfq doesn't.

Andy.
Re: [LARTC] Limiting bandwidth on one port
Tim Churchard wrote:

> Hi Everyone
>
> I'm new to tc. I'm trying to speed limit access to SSH/SFTP on my external interface (eth0) without affecting any other traffic on any of the other interfaces.
>
> I've attached a script with my tc commands in. Can someone point me in the right direction?

If you use htb then the default is for unclassified traffic to be unlimited so you wouldn't need line rate.

Andy.
Re: [LARTC] classes and qdiscs
Marcus Fritzsch wrote:

> Hello everybody!
>
> I am wondering whether it is possible to have qdiscs and classes as children of a class or not. Take the following example:
>
> ,-
> |        class 1:1
> |         /     \
> |        /       \
> |       /         \
> | class 1:10   qdisc 11:
> |    /\
> |  ......
> `-
>
> Does this make any sense?

You can do a queue within a queue with htb, see section 6 - http://luxik.cdi.cz/~devik/qos/htb/manual/userg.htm

You will need to double up on filters - i.e. you can't filter directly from root queue to subclass of child queue.

Andy.
Re: [LARTC] Help please with tc and iptables mark
Adrian Turcu wrote:

> Hello list members,
>
> Finally I'm here after a week of trying to subscribe to this list... pfew...
>
> Anyway... I have a rather strange problem with tc. I am trying to police the ingress traffic into my network using the iptables MARK feature (in mangle table, PREROUTING) but it seems that tc filters ignore these marks and they don't work at all for me. Let me explain a bit more in detail:

There is a lot of work going on with tc at the moment - there are/will be lots more matches and the ability to run iptables commands from filters.

> I have a server behind my linux-firewall box (firewall is with 2.6.10 kernel custom build,

I think with 2.6.10 you can still get the behaviour you want if you don't select packet action in Qos and/or fair queuing of config - you get to select a different policer then.

CONFIG_NET_CLS_POLICE is the one you want; if the other doesn't disappear, deselect it as well.

Andy.
Re: [LARTC] Help please with tc and iptables mark
> There is a lot of work going on with tc at the moment - there are/will be lots more matches and the ability to run iptables commands from filters.

... Like matching the tc flows with iptables chains? That will be nice. I've seen some similar options in the kernel, but not sure how they work (i.e. CONFIG_NET_ACT_IPT); I couldn't find any doc (howto)...

> I think with 2.6.10 you can still get the behaviour you want if you don't select packet action in Qos and/or fair queuing of config - you get to select a different policer then.
>
> CONFIG_NET_CLS_POLICE is the one you want; if the other doesn't disappear, deselect it as well.

I don't have CONFIG_NET_CLS_POLICE, but CONFIG_NET_CLS_ACT enabled and CONFIG_NET_ACT_POLICE as a module. If I disable CONFIG_NET_CLS_ACT there are a few more that disappear. I'll try this right now (have to rebuild the kernel).

> Andy.

Thanks a lot,
Adrian
Re: [LARTC] netem with prio hangs on duplicate
On Wed, 30 Mar 2005 10:05:04 -0800 (PST) js si [EMAIL PROTECTED] wrote:

> hi
>
> i tried the example given on the examples page to duplicate selected traffic like
>
> tc qdisc add dev eth0 root handle 1: prio
> tc qdisc add dev eth0 parent 1:3 handle 3: netem duplicate 40%
> tc filter add dev eth0 protocol ip parent 1:0 prio 3 u32 match ip dst 11.0.2.2 flowid 1:3

Try this. qdisc_restart() has a bug. It will spin until packet becomes available, which is wrong. This affects both netem and tbf, maybe other qdisc as well.

--- linux-2.6/net/sched/sch_generic.c 2005-03-14 14:30:52.0 -0800 +++ tcp-2.6/net/sched/sch_generic.c 2005-04-04 10:28:31.0 -0700 @@ -176,10 +176,10 @@ int qdisc_restart(struct net_device *dev requeue: q-ops-requeue(skb, q); - netif_schedule(dev); - return 1; + netif_schedule(dev); + return q-q.qlen; } - return q-q.qlen; + return 0; } static void dev_watchdog(unsigned long arg)
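Review bot: in the requeue path the new `return q->q.qlen` runs right after `q->ops->requeue(skb, q)`, so what it returns depends on whether requeue has already counted the skb back into `q.qlen`; the patch should say how callers treat that count compared with the old constant 1, and why the final `return 0` is correct when nothing was dequeued but `q.qlen` may still be non-zero, which is the case the old `return q->q.qlen` reported. The description says qdisc_restart() spins until a packet becomes available, yet no loop is visible in this hunk, so name the caller that loops on the return value and explain what reschedules the device once 0 is returned. The `netif_schedule(dev);` line is removed and re-added with no visible change; drop that whitespace-only churn from the hunk.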
Re: [OBORONA-SPAM] [LARTC] RTNETLINK answers: Invalid argument
On Sunday 03 April 2005 at 21:55 +0300, Pan'ko Alexzender wrote:

> On Sun, 03 Apr 2005 18:54:15 +0200 Nicolas Mailhot [EMAIL PROTECTED] wrote:
>
>> Hi,
>>
>> On this Fedora Core Devel (Raw Hide) system, if I boot on a distribution kernel (based on 2.6.12rc1-bk2) the network is fine. If I build a custom 2.6.12-rc1-V0.7.43-06 or 2.6.12-rc1-mm4 kernel the network interface fails to initialise on boot with "RTNETLINK answers: Invalid argument".
>>
>> What can possibly cause this?
>
> I advise you to rebuild iproute too.

Are you sure?

2.6.12-rc1-V0.7.43-06 2.6.12rc1-bk2 2.6.12-rc1-mm4

and the iproute version is 2.6.11 (older than all of these), so it does not look like it's an API change or something like this (unless the Raw Hide kernel has a specific patch to make it behave like 2.6.11).

Regards,

--
Nicolas Mailhot
[LARTC] Suspicious Attachment
Warning: Message delivery wasn't performed.

Reason: Our virus scanner detected very suspicious code in the attachment of a mail addressed to a user of our system.

The following message will not be delivered:

From: [EMAIL PROTECTED]
To: LARTC@mailman.ds9a.nl
Subj: [LARTC] Re:
Date: Mon, 04 Apr 2005 23:42:14 +0530
Virus: Worm.Bagle.AG.2

Feel free to contact no_one if you can't cope with it.

--
This mail was automatically generated by TrashScan v0.12
[LARTC] DMZ and WAN
Hola,

I have a question in regards to ignoring traffic shaping for the LAN side that connects to a DMZ IMAP server through the WAN interface. The DMZ and the WAN side are both on a 10/100 switch. Is it possible?

Thanks.

~Andrew.

OS MDK 9.1
kernel-smp-2.4.21.0.33mdk-1-1mdk
HTB; iproute2-2.4.7-7mdk; shorewall-1.4.8-2.2.92mdk
Re: [LARTC] simple routing protocol for VPN redundancy?
I'm going to start a load balancing failover VPN over multiple providers. It means we can not just have a high availability tunnel but also utilize the bandwidth of all providers.

It'll be a part of a newly started linux multihoming project.

Is there any developer interested to join?

Simon Chang wrote:

> Hello all,
>
> I need a very simple routing protocol for VPN redundancy.
>
> We have several sites and each site has a Linux router and two IPCops, each with an ADSL connection to the internet using different ISPs. I have configured VPNs between all of the sites for each IPCop on ispA and the same for the IPCops on ispB. This way, if one of the ISPs fails, I change the route on the router and my VPNs continue to function over the other ISP. This is a very simple safety but it works well and it's pretty cheap.
>
> But I'm getting sick of changing the routes by hand and wonder if there is any way of automating the failover.
>
> What I was thinking of is maybe a script/utility that I could configure to ping a host on a remote lan and if I started to lose too many packets or it got too slow or failed it would change the route automatically.
>
> Has anyone ever written a script or know of a utility that can do that?
>
> Cheers
> Simon.
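Added example, not code from either poster: one way to implement the ping-and-switch idea in the quoted message, with a streak counter so that a single bad probe does not flap the route. All addresses, thresholds and function names are constructed assumptions; it also assumes the probe host is reached through a host route pinned to the primary gateway, so the probe always measures the primary path.

```shell
#!/bin/sh
# Added example, not code from the thread. All values below are constructed.
REMOTE_NET=${REMOTE_NET:-10.2.0.0/24}   # remote site's LAN (assumption)
GW_PRIMARY=${GW_PRIMARY:-192.168.0.1}   # local IPCop on ispA (assumption)
GW_BACKUP=${GW_BACKUP:-192.168.0.2}     # local IPCop on ispB (assumption)
PROBE_IP=${PROBE_IP:-10.2.0.1}          # remote host, pinned to the primary path
MAX_LOSS=${MAX_LOSS:-40}                # tolerated packet loss, percent
MAX_RTT=${MAX_RTT:-300}                 # tolerated average round trip, ms
FAIL_AFTER=${FAIL_AFTER:-3}             # bad probes in a row before failing over
RECOVER_AFTER=${RECOVER_AFTER:-5}       # good probes in a row before failing back
INTERVAL=${INTERVAL:-10}                # seconds between probes

# parse_ping: reads "ping -q" output on stdin, prints "LOSS_PERCENT AVG_MS".
# No summary at all counts as 100% loss; a missing rtt line gives AVG_MS -1.
parse_ping() {
    awk '
        /packet loss/ {
            for (i = 1; i <= NF; i++)
                if ($i ~ /%$/) { sub(/%/, "", $i); loss = int($i) }
        }
        /^(rtt|round-trip)/ {
            split($0, a, "="); split(a[2], b, "/"); avg = int(b[2] + 0.5)
        }
        END {
            if (loss == "") loss = 100
            if (avg == "") avg = -1
            print loss, avg
        }'
}

# probe_ok LOSS AVG: succeeds when both values are within the thresholds.
probe_ok() {
    [ "$1" -le "$MAX_LOSS" ] && [ "$2" -ge 0 ] && [ "$2" -le "$MAX_RTT" ]
}

# next_link CURRENT BAD_STREAK GOOD_STREAK: prints the link to use next.
next_link() {
    if [ "$1" = primary ] && [ "$2" -ge "$FAIL_AFTER" ]; then
        echo backup
    elif [ "$1" = backup ] && [ "$3" -ge "$RECOVER_AFTER" ]; then
        echo primary
    else
        echo "$1"
    fi
}

# monitor: probe forever and move the route to REMOTE_NET when the link changes.
monitor() {
    link=primary; bad=0; good=0
    ip route replace "$PROBE_IP/32" via "$GW_PRIMARY"   # pin the probe path
    while :; do
        set -- $(ping -c 5 -q -W 2 "$PROBE_IP" 2>/dev/null | parse_ping)
        if probe_ok "$1" "$2"; then good=$((good + 1)); bad=0
        else bad=$((bad + 1)); good=0; fi
        new=$(next_link "$link" "$bad" "$good")
        if [ "$new" != "$link" ]; then
            if [ "$new" = primary ]; then gw=$GW_PRIMARY; else gw=$GW_BACKUP; fi
            ip route replace "$REMOTE_NET" via "$gw" && link=$new
            logger -t vpn-failover "route to $REMOTE_NET now via $gw ($new)"
        fi
        sleep "$INTERVAL"
    done
}

# Only start the loop when asked to, so the functions can be tested alone.
if [ "${1:-}" = run ]; then monitor; fi
```

Start it as root with the single argument `run`; the logged route changes give an audit trail of when each ISP path was considered down.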
Re: [LARTC] limiting upload rate
hi,

I have a lan with internet connection, the gateway is a linux server. I have a client (192.168.0.33) whose upload rate I want to limit to 64kbit/s, so I do:

tc qdisc del dev ppp0 root
tc qdisc add dev ppp0 root handle 1: htb r2q 1
tc class add dev ppp0 parent 1: classid 1:2 htb rate 64kbit ceil 64kbit burst 6k
tc filter add dev ppp0 parent 1: protocol ip prio 1 handle 0x1 fw classid 1:2
iptables -t mangle -A PREROUTING -s 192.168.0.33 -j MARK --set-mark 0x1
iptables -t mangle -A PREROUTING -s 192.168.0.33 -j RETURN

but this does not work, any suggestions?

thanks.
Re: [Netem] Re: [LARTC] netem with prio hangs on duplicate
On Mon, 4 Apr 2005 11:00:36 -0700 Stephen Hemminger [EMAIL PROTECTED] wrote:

> On Wed, 30 Mar 2005 10:05:04 -0800 (PST) js si [EMAIL PROTECTED] wrote:
>
>> hi
>>
>> i tried the example given on the examples page to duplicate selected traffic like
>>
>> tc qdisc add dev eth0 root handle 1: prio
>> tc qdisc add dev eth0 parent 1:3 handle 3: netem duplicate 40%
>> tc filter add dev eth0 protocol ip parent 1:0 prio 3 u32 match ip dst 11.0.2.2 flowid 1:3
>
> Try this. qdisc_restart() has a bug. It will spin until packet becomes available, which is wrong. This affects both netem and tbf, maybe other qdisc as well.

Never mind, that patch is crap...
[LARTC] question about pkt_sched.h for tc
In the tc directory, tc_util.h and tc_core.h use pkt_sched.h, which is stored in iproute's include directory. Is there any dependency between this pkt_sched.h file and the ones that come with the standard linux kernel source?

thanks.
Re: [LARTC] Help please with tc and iptables mark
On Mon, Apr 04, 2005 at 02:31:52PM +0100, Andy Furniss wrote:

> Adrian Turcu wrote:
>
>> Hello list members,
>
> There is a lot of work going on with tc at the moment - there are/will be lots more matches and the ability to run iptables commands from filters.

Is there any doco on this functionality? Anybody thought of running a wiki?

> Andy.
[LARTC] Suspicious Attachment
Warning: Message delivery wasn't performed.

Reason: Our virus scanner detected very suspicious code in the attachment of a mail addressed to a user of our system.

The following message will not be delivered:

From: [EMAIL PROTECTED]
To: LARTC@mailman.ds9a.nl
Subj: [LARTC] Re:
Date: Tue, 05 Apr 2005 09:45:25 +0530
Virus: Worm.Bagle.AG.2

Feel free to contact no_one if you can't cope with it.

--
This mail was automatically generated by TrashScan v0.12